http://www.csoonline.com/article/2874230/cybercrime-hacking/thousands-of-us-gas-stations-exposed-to-internet-attacks.html
By Lucian Constantin
IDG News Service
Jan 23, 2015
Over 5,000 devices used by gas stations in the U.S. to monitor their fuel
tank levels can be manipulated from the Internet by malicious attackers.
These devices, known as automated tank gauges (ATGs), are also used to
trigger alarms in case of problems with the tanks, such as fuel spills.
"An attacker with access to the serial port interface of an ATG may be
able to shut down the station by spoofing the reported fuel level,
generating false alarms, and locking the monitoring service out of the
system," said HD Moore, the chief research officer at security firm
Rapid7, in a blog post. "Tank gauge malfunctions are considered a serious
issue due to the regulatory and safety issues that may apply."
Earlier this month, Moore ran a scan to detect ATGs that are connected to
the Internet through serial port servers that map ATG serial interfaces to
the Internet-accessible TCP port 10001. This is a common set-up used by
ATG owners to monitor the devices remotely.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
